<?php 
if(isset($_POST['userid'])&&isset($_POST['password']))
{
	session_start(); 
	$userid=$_POST['userid'];
	$password=$_POST['password'];
	if ($userid=="" ||$password=="" ) die("Invalid SID");
	require_once("../includes/database.php"); 
	$db=new Database;
		$userid=mysql_real_escape_string($userid);
		$password=md5(mysql_real_escape_string($password));
		$sql="SELECT * FROM user_profile WHERE userid='$userid' AND password ='$password' AND accept=1 AND block=0 ";
	$rs = $db->query($sql);
	$row = mysql_fetch_array($rs);
	if(mysql_num_rows($rs)==1)
	{
		//setting sessions
		$_SESSION['login']="true";
		$_SESSION['id']=$row['id'];
		$_SESSION['role']=$row['role'];
		require_once('hits_update.php');
		echo "true";
	}
	else
	{
		echo "false";
	}
}
else
{
	echo 'Invalid SID';
}
?>